DutchGrid CA Rekey Information

Notice
Renewal is only applicable for medium-security certificates. If you
have lost your private key, or if your certificate has since
expired, you will need to re-apply via the regular
Request form for generating a new
request and registration form.
Alternatively you can request a new personal certificate using
the jGridstart certificate management tool
or download the applications forms for
users
or for hosts
and servers here if needed. Please fill them completely and bring
them to your RA.

You can request routine rekeying of your Medium-security DutchGrid
certifation via the integrated certificate management tool
jGridstart or by signed electronic mail. This e-mail must then contain
a new certificate request, with the same subject name as the previous
certificate but with a new key pair.
Renewing your certification using the old key pair is not possible
under the medium-security policy.
The e-mail must be digitally signed by your "old" private key and
be in the S/MIME format. Your old certificate should NOT yet
have expired!

Alternatively, for host and server certificates via generation of a
signed e-mail, you can
use the dca-rekey-pack.sh
shell script. This script requires the presence of an OpenSSL
executable for your platform, and a basic set of file utilities
(sed, rm, date, hostname, a Bourne shell compatible sh and a
SysV compatible echo). You will have to mail the text to the CA using your
own favourite mail client...

Important: you have to manually send or upload your renewal request.
This is not done automatically! Once you have
submitted your request, you will receive an automatic confirmation email
within a few minutes. If you did not get this email, please send or submit
your renewal request again.

So, you you want to renew your existing Globus certification,
try the following commands:

dca-rekey-pack.sh -d .globus .globus/usercert.pem(or for the old script renewcert-dutchgrid.sh -d .globus .globus/usercert.pem)lots of blah-blah and passphrase typing
*** use to following command to mail it, but do not modify the
*** contents of the e-mail!
You have successfully generated your renewal (rekeying) request.
The renewal (rekeying) request is stored in the file 2007//newrekeypack.txt,
and you must now do either of the following:
- send file .globus/newrekeypack.txt by e-mail to ca@dutchgrid.nl, preferably
IN-LINE and not as an attachment (use copy-paste please)
- upload the file .globus/newrekeypack.txt using the renewal web interface at
http://ra.dutchgrid.nl/ra/public/submit
Your rekey request will be sent to your RA for acknowledgement,
so please be patient while your RA processes your request.
Thank you for using the DutchGrid CA Service.

Important: you have to manually send or upload your renewal request.
This is not done automatically! Once you have submitted your request,
you will receive an automatic confirmation email within a few minutes. If
you did not get this email, please send or submit your renewal request again.

Note that if you don't have sendmail, you could try using the "mail" program instead, but the web interface is more user-friendly.

Wait some time for cert to come back in e-mail, and save mail as .globus/newcert.pem. Now it's time to exchange your "old" set of keys for the new ones in one go: